oss-sec mailing list archives
Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize()
From: Lior Kaplan <kaplanlior () gmail com>
Date: Tue, 31 Mar 2015 09:32:25 +0300
On Tue, Mar 31, 2015 at 1:49 AM, Tyler Hicks <tyhicks () canonical com> wrote:
> On 2015-03-30 23:42:01, Tomas Hoger wrote:
> > On Fri, 20 Mar 2015 20:35:59 +0100 Andrea Palazzo wrote:
> > > I'd like to request a CVE for the PHP Sec Bug #69085.
> > > Description: SoapClient's __call() method is prone to a type confusion vulnerability which can be used to gain remote code execution through unsafe unserialize() calls.
> > > Info: https://bugs.php.net/bug.php?id=69085
> >
> > There is another unserialize issue fixed in 5.6.7, 5.5.23 and 5.4.39 and currently listed on the PHP 5 Changelog page: http://php.net/ChangeLog-5.php
> >
> > Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (CVE-2015-0231)
> > https://bugs.php.net/68976
>
> I believe that the ChangeLog-5.php page contains a typo since NVD claims that CVE-2015-2787 corresponds to PHP bug #68976: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2787
We weren't aware of this CVE assignment... Thanks. The bug & changelog have been updated.

Kaplan
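The "unsafe unserialize() calls" in Andrea's description are the general hazard behind bugs like #69085: whoever controls the serialized bytes chooses the class that gets instantiated and every property value it starts with, including internal classes such as SoapClient that carry magic methods like __call(). The following is an added example, not code from this thread or from the PHP project. The serialized string is constructed for the demo and is not the #69085 trigger; the Session class and the helper names are assumptions for illustration. The hardened form relies on the allowed_classes option of unserialize(), which exists only from PHP 7.0 onward, so on the PHP 5 branches discussed here the only safe choice is not to unserialize untrusted input at all.

```php
<?php
// Added example, not code from the oss-sec thread or from the PHP project.
// Shows the general hazard behind unsafe unserialize() calls: whoever
// controls the serialized bytes chooses the class and every property value.

// Constructed attacker-controlled input: a serialized SoapClient with an
// attacker-chosen property. Demo string only, not the bug #69085 trigger.
$untrusted = 'O:10:"SoapClient":1:{s:3:"uri";s:18:"http://example.com";}';

// Unsafe: any class known to the engine is instantiated, with properties
// set straight from the input and without going through a constructor.
function unsafe_load(string $blob)
{
    return unserialize($blob);
}

// Hardened (PHP >= 7.0): restrict instantiation to the classes the caller
// expects. Objects of any other class come back as __PHP_Incomplete_Class,
// whose members cannot be used, so no SoapClient code (including __call())
// can run on them. The default of false forbids objects altogether.
function safe_load(string $blob, $allowed = false)
{
    return unserialize($blob, ['allowed_classes' => $allowed]);
}

// Reject an unexpected class loudly instead of silently carrying an
// incomplete object through the rest of the application.
function load_expected(string $blob, string $class): object
{
    $obj = safe_load($blob, [$class]);
    if (!($obj instanceof $class)) {
        throw new UnexpectedValueException(
            'unserialize produced '
            . (is_object($obj) ? get_class($obj) : gettype($obj))
            . ', expected ' . $class
        );
    }
    return $obj;
}

// Assumed application class used for the demo.
class Session
{
    public $user = 'anonymous';
}

// Expected class: accepted.
$ok = load_expected(serialize(new Session()), Session::class);
echo get_class($ok), PHP_EOL;

// SoapClient is not on the allow-list, so the engine never instantiates it
// and the helper rejects the result.
try {
    load_expected($untrusted, Session::class);
} catch (UnexpectedValueException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```

Note that allowed_classes only decides which classes may be instantiated; it does nothing about the property values of a class that is on the list, so the allow-list should contain plain data classes only, never built-ins with magic methods. Where the format is under your control, a non-object encoding such as JSON removes the class-selection problem entirely.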
Current thread:
- CVE Request: PHP SoapClient's __call() type confusion through unserialize() Andrea Palazzo (Mar 20)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Moritz Muehlenhoff (Mar 20)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tomas Hoger (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tyler Hicks (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Lior Kaplan (Mar 30)
- Re: CVE Request: PHP SoapClient's __call() type confusion through unserialize() Tyler Hicks (Mar 30)